Getting To Know Linux: File Permissions
A handy server management guide looking closer at how files are managed within Linux.
For those who have grown up using Windows as their bread and butter operating system, it can come as a surprise that there are alternative options out there for managing your server. For those businesses out there who have grown to a point where they need a dedicated server to power their website, it’s important to get to know some of the alternative systems which are commonly used around the world. Linux is a global leader in server operating systems, and while it can be a bit tricky to get your head around the threadbare system, it’s a great tool to get to know (and it’s free!).
Head over to this blog post for an introduction to Linux.
One of the first confusing things to deal with when you first encounter Linux is how access to your files is controlled, known as file ‘permissions’. This is quite different to the methods used in Windows where all users can access pretty much all files. File permissions issues can cause quite a few headaches when setting up a website on a Linux system, and can be tricky to deal with whether you are using a dedicated server, a VPS, or shared hosting. Incorrect file permissions can cause a lot of unwanted confusion!
So this is how they work.
The first thing to understand is how Linux views the ownership of files. Bear with us, this could get a little tough to explain…
Files are owned by both a user and a group, although only the individual user that owns a file is referred to as its owner. Usually, when a user is created a matching group is also set up, of which that user is the only member. However, a user can be a member of multiple groups and is only named as owner of their personal files individually.
Still with us? Now for permissions.
A file has three sets of permissions:
- first are the permissions of the owner
- secondly the permissions for the owning group
- last of all come permissions for everyone else.
The permissions that can be applied are:
- ‘r’ for read access to a file (the ability to open it and view the contents)
- ‘w’ for write access to the file (the ability to change the file or its contents)
- and lastly ‘x’ for execute access to the file (the ability to execute the file as a program)
Each of these permissions can be allowed or denied as required for any file and they can be set differently for the owner, group and everyone else.
Note: regardless of any permissions set, the root user always has read and write access to any files on the system. This can be handy as it is possible to set the ownership and permissions such that you can remove your own access to your files and then need the root user to restore them.
Permissions are executed (which is tech-talk for put into action) at the command line. The Linux command line is a stripped back no-frills screen which talks to your server; exactly how it looks depends on which Linux distribution you’re running.
To see the permissions on a file you can use the ‘ls’ command; simply type the following into the command line and hit enter:
ls -l
You’ll get an output similar to the below:
-rwxr-xr-x 1 hayden hayden 545 Sep 27 2008 testscript.sh
-rw-r----- 1 root root 240 Aug 30 2014 scriptoutput
Don’t panic! Here’s what it all means:
The first part of the output shows the permissions of the file; the second shows the number of hard links made to the file. Next are the user and group owners (in our example above both the group and owner names are the same). After that comes the size of the file in bytes, the date it was last modified and finally the filename.
The permissions shown run from left to right; the first character is a special one that is usually shown as a ‘dash’ for a file and a ‘d’ to signify a directory, though other options do exist. The next three characters are the permissions for the file owner. The three after that are for the owning group and the last three are for everyone else. In each of those sets the letter ‘r’ denotes that read access is permitted, the letter ‘w’ denotes that write access is permitted and the letter ‘x’ denotes that execute access is permitted.
To break down the example files above, the first file has read, write and execute access for the user ‘hayden’ (that’s me!), read and execute access for users in the group ‘hayden’ and read and execute access for all other users. The second file gives read and write access to the root user, read access to members of the root group and no access to the file for any other users.
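As an added example (not part of the original article), the shell functions below decode the permission column of an ls -l line into its numeric form, using the values 4 for read, 2 for write and 1 for execute that the chmod section of this guide relies on. The function names are hypothetical, and the sample input is constructed from the two-line listing above.

```shell
#!/bin/sh
# Added example: decode the permission column of `ls -l` into its numeric mode.
# Handles the plain r/w/x letters described in the article only.

# triplet_value "r-x" prints 5 (r=4, w=2, x=1; a dash adds nothing)
triplet_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "-rwxr-xr-x" prints 755
mode_to_octal() {
    perms=${1#?}                                 # drop the file-type character
    owner=$(printf '%s' "$perms" | cut -c1-3)    # permissions for the owner
    group=$(printf '%s' "$perms" | cut -c4-6)    # permissions for the owning group
    other=$(printf '%s' "$perms" | cut -c7-9)    # permissions for everyone else
    echo "$(triplet_value "$owner")$(triplet_value "$group")$(triplet_value "$other")"
}

# audit_listing reads `ls -l` lines on stdin and prints one summary line per
# file: numeric mode, owner:group, filename, and whether everyone else has access.
audit_listing() {
    while read -r mode links owner group size mon day year name; do
        oct=$(mode_to_octal "$mode")
        case "$oct" in
            ??0) note="others: no access" ;;
            *)   note="others: have access" ;;
        esac
        echo "$oct $owner:$group $name ($note)"
    done
}

# Constructed sample input: the two lines from the article's listing.
audit_listing <<'EOF'
-rwxr-xr-x 1 hayden hayden 545 Sep 27 2008 testscript.sh
-rw-r----- 1 root root 240 Aug 30 2014 scriptoutput
EOF
```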
Got it? This is how you set your own permissions.
Setting the permissions can be done by using the ‘chmod’ command. There are two ways to set the permissions, the most common being numerically. In this instance the number 4 denotes read access, 2 denotes write access and 1 denotes execute access. You can add the numbers together to change the permission given, so the number 5 gives read and execute access, 6 gives read and write access, 3 gives write and execute access and 7 gives all access. Let’s look at the following command:
chmod 740 testscript.sh
In this case the permissions are being set with read, write and execute access for the file owner, read access for the owning group and no access for any other users. Alternatively, chmod can be used with another syntax as shown below:
chmod g+rx filename.ext
chmod a+r filename.ext
chmod u-wx filename.ext
It looks somewhat cryptic but is pretty simple to decipher (we promise!). The first letter after the chmod command denotes whose permissions you are changing: ‘u’ for the owning user, ‘g’ for the owning group and ‘a’ for all users (owner, group and everyone else together). The following plus or minus symbol denotes adding or removing a permission from a file. Finally the letters ‘r’, ‘w’ and ‘x’ are used to reference read access, write access and execute access as shown by the ls command. So the first line is adding the read and execute permissions to the file for the owning group. The second line is adding read access for all users. Finally the third line is removing write and execute permissions for the owning user.
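The following added example (not from the original article) runs the chmod commands discussed above against a scratch file and reads the mode back after each step, which shows that a numeric mode replaces all permissions while a symbolic mode changes only the bits it names. The function name apply_modes is hypothetical; the example assumes GNU stat, as found on Linux, and also uses chmod's ‘o’ letter, which targets only users other than the owner and group.

```shell
#!/bin/sh
# Added example: apply chmod arguments to a scratch file and read back the mode.
# Assumes GNU coreutils `stat` (standard on Linux) for `stat -c %a`.

# apply_modes MODE... : create a scratch file with no permissions at all,
# apply each chmod argument in order, and print the three-digit numeric mode
# after every step, separated by spaces.
apply_modes() {
    f=$(mktemp) || return 1
    chmod 000 "$f"
    out=""
    for m in "$@"; do
        chmod "$m" "$f"
        out="$out$(printf '%03d' "$(stat -c %a "$f")") "
    done
    rm -f "$f"
    echo "${out% }"
}

# Numeric mode is absolute: the result is 740 whatever the file had before.
apply_modes 740

# Symbolic modes are relative: each step changes only the bits it names.
apply_modes 740 g+rx a+r u-wx

# 'a' touches owner, group and everyone else; 'o' touches only everyone else.
apply_modes a+r
apply_modes o+r
```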
Making these changes using the method above requires access to the Linux command line. If you don’t have access to the command line or don’t feel comfortable using it then there’s no need to worry, most FTP clients will allow you to set the permissions of your files as well as upload and download files. FileZilla, for example, allows you to view a file’s permissions from a right click and allows the permissions to be set either through using simple tick boxes or setting the numeric permissions as shown above. When configuring pieces of website software such as forums, galleries or blogs they will often alert you if a file or directory has incorrect permissions set, and provide the required permissions in the numeric format, so how that works is something that is handy to remember.
Keep up with the UK2 Blog for more handy guides on server management, and get in touch with us if there’s something in particular that you’d like to see us explain @UK2.